1 /* 2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 /** 17 * @addtogroup Privacy 18 * @{ 19 * 20 * @brief Provides sensitive permissions access management. 21 * 22 * @since 8.0 23 * @version 8.0 24 */ 25 26 /** 27 * @file privacy_kit.h 28 * 29 * @brief Declares PrivacyKit interfaces. 30 * 31 * @since 8.0 32 * @version 8.0 33 */ 34 35 #ifndef INTERFACES_INNER_KITS_PRIVACY_KIT_H 36 #define INTERFACES_INNER_KITS_PRIVACY_KIT_H 37 38 #include <string> 39 40 #include "access_token.h" 41 #include "add_perm_param_info.h" 42 #include "on_permission_used_record_callback.h" 43 #include "permission_used_request.h" 44 #include "permission_used_result.h" 45 #include "permission_used_type_info.h" 46 #include "perm_active_status_customized_cbk.h" 47 #include "privacy_param.h" 48 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE 49 #include "sec_comp_enhance_data.h" 50 #endif 51 #include "state_customized_cbk.h" 52 53 namespace OHOS { 54 namespace Security { 55 namespace AccessToken { 56 /** 57 * @brief Declares PrivacyKit class 58 */ 59 class PrivacyKit { 60 public: 61 /** 62 * @brief Add input tokenID access input permission record. 63 * @param tokenID token id 64 * @param permissionName permission nanme 65 * @param successCount access success count 66 * @param failCount fail success count 67 * @return error code, see privacy_error.h 68 */ 69 static int32_t AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName, 70 int32_t successCount, int32_t failCount, bool asyncMode = false); 71 /** 72 * @brief Add input tokenID access input permission record. 73 * @param info struct AddPermParamInfo, see add_perm_param_info.h 74 * @param asyncMode ipc wait type, true means sync waiting, false means async waiting 75 * @return error code, see privacy_error.h 76 */ 77 static int32_t AddPermissionUsedRecord(const AddPermParamInfo& info, bool asyncMode = false); 78 /** 79 * @brief Input tokenID start using input permission. 80 * @param tokenID token id 81 * @param permissionName permission nanme 82 * @return error code, see privacy_error.h 83 */ 84 static int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid = -1); 85 /** 86 * @brief Input tokenID start using input permission and return by callback, 87 * only those services which has float window such as camera or 88 * microphone can use this interface. 89 * @param tokenID token id 90 * @param permissionName permission nanme 91 * @param callback StateCustomizedCbk nanme 92 * @return error code, see privacy_error.h 93 */ 94 static int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, 95 const std::shared_ptr<StateCustomizedCbk>& callback, int32_t pid = -1); 96 /** 97 * @brief Input tokenID stop using input permission. 98 * @param tokenID token id 99 * @param permissionName permission nanme 100 * @return error code, see privacy_error.h 101 */ 102 static int32_t StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid = -1); 103 /** 104 * @brief Remove input tokenID sensitive permission used records. 105 * @param tokenID token id 106 * @param deviceID device id 107 * @return error code, see privacy_error.h 108 */ 109 static int32_t RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID); 110 /** 111 * @brief Get sensitive permission used records. 112 * @param request PermissionUsedRequest quote 113 * @param result PermissionUsedResult quote, as query result 114 * @return error code, see privacy_error.h 115 */ 116 static int32_t GetPermissionUsedRecords(const PermissionUsedRequest& request, PermissionUsedResult& result); 117 /** 118 * @brief Get sensitive permission used records. 119 * @param request PermissionUsedRequest quote 120 * @param callback OnPermissionUsedRecordCallback smart pointer quote 121 * @return error code, see privacy_error.h 122 */ 123 static int32_t GetPermissionUsedRecords( 124 const PermissionUsedRequest& request, const sptr<OnPermissionUsedRecordCallback>& callback); 125 /** 126 * @brief Register sensitive permission active status change callback. 127 * @param callback PermActiveStatusCustomizedCbk smark pointer quote 128 * @return error code, see privacy_error.h 129 */ 130 static int32_t RegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback); 131 /** 132 * @brief Unregister sensitive permission active status change callback. 133 * @param callback PermActiveStatusCustomizedCbk smark pointer quote 134 * @return error code, see privacy_error.h 135 */ 136 static int32_t UnRegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback); 137 /** 138 * @brief Judge whether the input tokenID can use the input permission or not. 139 * @param tokenID token id 140 * @param permissionName permission nanme 141 * @return true means allow to user the permission, false means not allow 142 */ 143 static bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName); 144 145 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE 146 /** 147 * @brief Register security component enhance data when security component service did not start 148 * @param enhance enhance data 149 * @return error code, see privacy_error.h 150 */ 151 static int32_t RegisterSecCompEnhance(const SecCompEnhanceData& enhance); 152 /** 153 * @brief update security component enhance data 154 * @param pid process id 155 * @param seqNum sequence number 156 * @return error code, see privacy_error.h 157 */ 158 static int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum); 159 /** 160 * @brief get security component enhance data 161 * @param pid process id 162 * @param enhance enhance data 163 * @return error code, see privacy_error.h 164 */ 165 static int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance); 166 /** 167 * @brief get special security component enhance data 168 * @param bundleName bundle name 169 * @param enhanceList enhance data 170 * @return error code, see privacy_error.h 171 */ 172 static int32_t GetSpecialSecCompEnhance(const std::string& bundleName, 173 std::vector<SecCompEnhanceData>& enhanceList); 174 #endif 175 /** 176 * @brief query permission used type. 177 * @param tokenId token id, if 0 return all tokenIds 178 * @param permissionName permission name, if null return all permissions 179 * @param results query result as PermissionUsedTypeInfo array 180 * @return error code, see privacy_error.h 181 */ 182 static int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, 183 std::vector<PermissionUsedTypeInfo>& results); 184 185 /** 186 * @brief try set mute policy. 187 * @param policyType policy type, see privacy_param.h 188 * @param caller caller type, see privacy_param.h 189 * @param isMute mute or unmute 190 * @return error code, see privacy_error.h 191 */ 192 static int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute); 193 194 /** 195 * @brief try set background visit policy. 196 * @param tokenId token id 197 * @param isAllowed allow or disallow 198 * @return error code, see privacy_error.h 199 */ 200 static int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed); 201 }; 202 } // namespace AccessToken 203 } // namespace Security 204 } // namespace OHOS 205 #endif 206